From 17e63e26223c7e9390adb0510b543e89cee5f8d2 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Fri, 29 May 2026 20:13:21 +0000
Subject: [PATCH] Fix SQL queries to include group_level

---
 core/groups/groups.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/core/groups/groups.php b/core/groups/groups.php
index 4752e3cbe..4fdaa4041 100644
--- a/core/groups/groups.php
+++ b/core/groups/groups.php
@@ -86,7 +86,10 @@
 
 //get the count
 	$sql = "select count(*) from view_groups \n";
-	$sql .= "where true \n";
+	$sql .= "where ( ";
+	$sql .= "	group_level <= :group_level ";
+	$sql .= "	or group_level is null ";
+	$sql .= ") ";
 	if ($show == 'all' && permission_exists('group_all')) {
 		$sql .= "and (domain_uuid is not null or domain_uuid is null) ";
 	}
@@ -101,6 +104,7 @@
 		$sql .= ") \n";
 		$parameters['search'] = '%'.$search.'%';
 	}
+	$parameters['group_level'] = $_SESSION['user']['group_level'];
 	$num_rows = $database->select($sql, $parameters ?? [], 'column');
 
 //prepare to page the results
@@ -124,7 +128,10 @@
 	$sql .= "group_level, ";
 	$sql .= "group_description ";
 	$sql .= "from view_groups ";
-	$sql .= "where true \n";
+	$sql .= "where ( ";
+	$sql .= "	group_level <= :group_level ";
+	$sql .= "	or group_level is null ";
+	$sql .= ") ";
 	if ($show == 'all' && permission_exists('group_all')) {
 		$sql .= "and (domain_uuid is not null or domain_uuid is null) ";
 	}
@@ -141,6 +148,7 @@
 	}
 	$sql .= order_by($order_by, $order, 'group_name', 'asc');
 	$sql .= limit_offset($rows_per_page, $offset);
+	$parameters['group_level'] = $_SESSION['user']['group_level'];
 	$groups = $database->select($sql, $parameters ?? [], 'all');
 	unset($sql, $parameters);